Duplicate Post
by WordPress
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-10379 | | Cri | 0.64 | 9.8 | 0.02 | | Aug 21, 2019 | The duplicate-post plugin before 2.6 for WordPress has SQL injection. |
| CVE-2021-43408 | | Med | 0.43 | 6.5 | 0.10 | | Nov 19, 2021 | The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete… |
| CVE-2014-10378 | | Med | 0.40 | 6.1 | 0.01 | | Aug 21, 2019 | The duplicate-post plugin before 2.6 for WordPress has XSS. |
| CVE-2019-25314 | | Med | 0.36 | 5.5 | 0.00 | | Feb 11, 2026 | Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin… |
| CVE-2026-53740 | | Med | 0.35 | 5.4 | 0.00 | | Jun 10, 2026 | Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice. |
| CVE-2026-1217 | | Med | 0.35 | 5.4 | 0.00 | | Mar 18, 2026 | The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clone_bulk_action_handler() and republish_request() functions in all versions up to, and including, 4.5. This makes it possible for… |
| CVE-2026-53739 | | Med | 0.28 | 4.3 | 0.00 | | Jun 10, 2026 | Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicate_post_show_notice… |
| CVE-2026-2301 | | Med | 0.28 | 4.3 | 0.00 | | Feb 25, 2026 | The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the `duplicate_post()` function in `includes/api.php` using `$wpdb->insert()` directly to the `wp_postmeta`… |